Lucene search
K

410 matches found

NVD
NVD
added 2026/06/30 2:16 p.m.11 views

CVE-2025-53648

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

5.4CVSS0.00348EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:36 p.m.7 views

CVE-2025-53648

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

5.4CVSS5.7AI score0.00348EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 1:36 p.m.26 views

CVE-2025-53648

CVE-2025-53648 affects Gravitino UI prior to 1.0.0, where a SQL misconfiguration can allow a malicious user to read or truncate files. The vulnerability is triggered by improper SQL handling in the Gravitino UI, impacting versions 1.0.0 and earlier. Upgrading to version 1.0.0 (as recommended) fix...

5.4CVSS5.7AI score0.00348EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 1:36 p.m.41 views

CVE-2025-53648 Apache Gravitino: SQL misconfiguration can access or truncate files

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

0.00348EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:7 a.m.2 views

SUSE-SU-2026:22458-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in...

9.8CVSS6.6AI score0.93235EPSS
Exploits51References350
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ntfs3: init run lock for extend inode After setting the inode mode of $Extend to a regular file, executing the truncate system call will invoke the dotruncate routine, resulting in an uninitialized runlock error reported by syzbo...

5.7AI score0.00161EPSS
Exploits0References3
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/18 12:0 a.m.10 views

Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint...

9.8CVSS5.9AI score0.88171EPSS
In wildExploits5
OSV
OSV
added 2026/06/15 9:17 p.m.7 views

DEBIAN-CVE-2026-47261

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...

7.5CVSS5.2AI score0.00357EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.8 views

CVE-2026-47261

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...

7.5CVSS0.00357EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 7:47 p.m.29 views

CVE-2026-47261 Wasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...

7.5CVSS0.00357EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/15 7:47 p.m.14 views

CVE-2026-47261

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...

7.5CVSS5.3AI score0.00357EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7621

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS5.5AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 3:47 p.m.9 views

GHSA-2R75-CXRJ-CMPH wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

Summary In wasmtime-wasi, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this wasmtime-wasi enforced access control mechanism can be bypassed by using the wasip2 descriptor.open-at or wasip1 pathopen interfaces by opening a file with...

7.5CVSS5.5AI score0.00357EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/05 3:47 p.m.60 views

wasmtime-wasi: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

Summary In wasmtime-wasi, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this wasmtime-wasi enforced access control mechanism can be bypassed by using the wasip2 descriptor.open-at or wasip1 pathopen interfaces by opening a file with...

7.5CVSS5.5AI score0.00357EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/05/28 8:16 a.m.26 views

CVE-2026-7621

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS0.0025EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/28 6:45 a.m.37 views

CVE-2026-7621 SMTP2GO for WordPress <= 1.16.0 - Missing Authorization to Authenticated (Subscriber+) Log Read/Truncate

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS0.0025EPSS
Exploits0References11
CVE
CVE
added 2026/05/28 6:45 a.m.29 views

CVE-2026-7621

The SMTP2GO for WordPress – Email Made Easy plugin (WordPress) is vulnerable in all versions up to 1.16.0 due to improper authorization checks. Authenticated users with subscriber-level access or higher can truncate SMTP log records or export sensitive log data (recipient/sender addresses, subjec...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

WordPress plugin SMTP2GO for WordPress – Email Made Easy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References11
Patchstack
Patchstack
added 2026/05/27 5:42 p.m.10 views

WordPress SMTP2GO for WordPress – Email Made Easy plugin <= 1.16.0 - Missing Authorization to Authenticated (Subscriber+) Log Read/Truncate vulnerability

Missing Authorization to Authenticated Subscriber+ Log Read/Truncate vulnerability discovered by darkmode in WordPress Plugin SMTP2GO versions = 1.16.0...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/05/22 6:28 p.m.10 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the NewNTUnicodeString function. An attacker can cause a truncated string rather than an error to be returned by convincing a user to access a filename of excessive length. Remediation Upgrade...

4.8CVSS5.8AI score0.00114EPSS
Exploits0References3
Rows per page
Query Builder